Affects Version/s: 4.5.1.015
[root@### ~]# uname -a
Linux ###.team193.com 2.6.32-504.8.1.el6.x86_64 #1 SMP Wed Jan 28 21:11:36 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@### ~]# java -version
openjdk version "1.8.0_45"
OpenJDK Runtime Environment (build 1.8.0_45-b13)
OpenJDK 64-Bit Server VM (build 25.45-b02, mixed mode)
We recently had a server become unresponsive overnight. Looking at the logs, we found some invalid cookies being sent, which appear to be the cause.
A request with an invalid cookie throws an uncaught IllegalArgumentException from the servlet container, followed by IllegalMonitorStateExceptions which cause either Tomcat or Lucee to become unresponsive.
The cookie in question looks to be intentionally malicious, and the request can be easily reproduced using curl:
curl -v --cookie 'Greetz to M, st0n3d, Jorgee, CoLdZeRo, and Tomato lol!=0' http://example.com
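
An added example, not part of the original report or of Lucee's code: a check that flags cookie names which are not valid RFC 6265 tokens, so such requests can be rejected or logged before they reach the application. It assumes the exception is triggered by the spaces and commas in the cookie name shown above; the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: flags cookie names that are not RFC 6265 tokens.
public class CookieNameCheck {

    // HTTP "separators": a token may not contain these, control chars, or non-ASCII.
    private static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    static boolean isToken(String name) {
        if (name.isEmpty()) return false;
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (c <= 0x20 || c >= 0x7f || SEPARATORS.indexOf(c) >= 0) return false;
        }
        return true;
    }

    // Returns every cookie name in a Cookie request-header value that is not a valid token.
    static List<String> invalidNames(String cookieHeader) {
        List<String> bad = new ArrayList<>();
        for (String pair : cookieHeader.split(";")) {
            String trimmed = pair.trim();
            if (trimmed.isEmpty()) continue;
            int eq = trimmed.indexOf('=');
            String name = (eq < 0 ? trimmed : trimmed.substring(0, eq)).trim();
            if (!isToken(name)) bad.add(name);
        }
        return bad;
    }

    public static void main(String[] args) {
        String[] samples = {
            // Constructed, well-formed header for comparison.
            "JSESSIONID=abc123; theme=dark",
            // Cookie value from the curl command in the report.
            "Greetz to M, st0n3d, Jorgee, CoLdZeRo, and Tomato lol!=0"
        };
        for (String header : samples) {
            List<String> bad = invalidNames(header);
            System.out.println((bad.isEmpty() ? "OK      " : "REJECT  ") + header
                + (bad.isEmpty() ? "" : "  -> invalid name(s): " + bad));
        }
    }
}
```

A servlet filter or front-end proxy rule applying the same test could answer such requests with a 400 instead of passing the header on.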